authorShane Lontis <shane.lontis@oracle.com>2020-01-15 10:48:01 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-01-15 10:48:01 +1000
commit36fc5fc6bd5ca53fb30aabc38e3fefbab0005b2c (patch)
tree16e416a148ab7e40d416977ab971e315f7b034f1 /include
parent76123661a1db136b9ef368dc296a628818e7a4cc (diff)
Add FIPS Self test kats for digests
Added an API to optionally set a self test callback. The callback has the following 2 purposes: (1) Output information about the KAT tests. (2) Allow one of the KATs to be corrupted. The fipsinstall program uses the API. Some KATs are not included in this PR since the required functionality did not yet exist in the provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10374)
Diffstat (limited to 'include')
-rw-r--r--include/internal/cryptlib.h3
-rw-r--r--include/internal/provider.h1
-rw-r--r--include/openssl/core_names.h35
-rw-r--r--include/openssl/core_numbers.h5
-rw-r--r--include/openssl/self_test.h68
5 files changed, 86 insertions, 26 deletions
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 8be3861d4f..dbb68f2c44 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -155,7 +155,8 @@ typedef struct ossl_ex_data_global_st {
# define OPENSSL_CTX_THREAD_EVENT_HANDLER_INDEX 8
# define OPENSSL_CTX_FIPS_PROV_INDEX 9
# define OPENSSL_CTX_SERIALIZER_STORE_INDEX 10
-# define OPENSSL_CTX_MAX_INDEXES 11
+# define OPENSSL_CTX_SELF_TEST_CB_INDEX 11
+# define OPENSSL_CTX_MAX_INDEXES 12
typedef struct openssl_ctx_method {
void *(*new_func)(OPENSSL_CTX *ctx);
diff --git a/include/internal/provider.h b/include/internal/provider.h
index a037233a30..8856d2fdd5 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -11,6 +11,7 @@
# define OSSL_INTERNAL_PROVIDER_H
# include <openssl/core.h>
+# include <openssl/core_numbers.h>
# include "internal/dso.h"
# include "internal/symhacks.h"
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index db9cb9ab2d..0bc51b3589 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -14,31 +14,16 @@
extern "C" {
# endif
-/*
- * Well known parameter names that Providers can define
- */
-
-/*
- * A printable name for this provider
- * Type: OSSL_PARAM_UTF8_STRING
- */
-#define OSSL_PROV_PARAM_NAME "name"
-/*
- * A version string for this provider
- * Type: OSSL_PARAM_UTF8_STRING
- */
-#define OSSL_PROV_PARAM_VERSION "version"
-/*
- * A string providing provider specific build information
- * Type: OSSL_PARAM_UTF8_STRING
- */
-#define OSSL_PROV_PARAM_BUILDINFO "buildinfo"
-
-/*
- * The module filename
- * Type: OSSL_PARAM_OCTET_STRING
- */
-#define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename"
+/* Well known parameter names that Providers can define */
+#define OSSL_PROV_PARAM_NAME "name" /* utf8_string */
+#define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */
+#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */
+#define OSSL_PROV_PARAM_MODULE_FILENAME "module-filename" /* octet_string */
+
+/* Self test callback parameters */
+#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */
+#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */
/*
* Algorithm parameters
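Review bot: The three new `OSSL_PROV_PARAM_SELF_TEST_*` names carry only a `/* utf8_string */` tag, so a callback author cannot tell from this header which values each parameter takes. A comment under "Self test callback parameters" such as `/* Values are the OSSL_SELF_TEST_PHASE_*, _TYPE_* and _DESC_* strings from <openssl/self_test.h> */` would close that gap; the mapping is inferred from the matching names and should be confirmed against the provider code. Since the commit message says the callback may corrupt a KAT, knowing exactly which strings to compare against is what keeps a callback from acting on the wrong test.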
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index 9f49599dab..f41f7c02d0 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -12,6 +12,7 @@
# include <stdarg.h>
# include <openssl/core.h>
+# include <openssl/self_test.h>
# ifdef __cplusplus
extern "C" {
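Review bot: Nothing added to this file in the hunks shown appears to need `<openssl/self_test.h>`. The new `self_test_cb` entry uses `OSSL_CALLBACK`, which that header's own include comment attributes to `<openssl/core.h>`, already included on the line above. The include also exposes the `OSSL_SELF_TEST_set_callback` and `OSSL_SELF_TEST_get_callback` prototypes to every provider that includes core_numbers.h. If no use exists outside the hunks, drop `# include <openssl/self_test.h>` and let code that needs the phase/type/desc strings include it directly.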
@@ -135,6 +136,10 @@ OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio))
OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format,
va_list args))
+#define OSSL_FUNC_SELF_TEST_CB 28
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb,
+ void **cbarg))
+
/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
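Review bot: `#define OSSL_FUNC_SELF_TEST_CB 28` omits the space after `#` that the neighbouring `# define OSSL_FUNC_PROVIDER_TEARDOWN 1024` uses inside the include guard; `# define OSSL_FUNC_SELF_TEST_CB 28` would match. The entry also has no comment, and the `OSSL_CALLBACK **cb, void **cbarg` out-pointers suggest a getter, so something like `/* Fetch the self test callback and argument registered on ctx */` would help if that reading is right. This is the route by which an application-supplied callback reaches the provider's self tests, so the comment should also say whether `*cb` can come back NULL, which the hunk does not show.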
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
new file mode 100644
index 0000000000..31dd6bd6c5
--- /dev/null
+++ b/include/openssl/self_test.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_SELF_TEST_H
+# define OPENSSL_SELF_TEST_H
+
+# include <openssl/core.h> /* OSSL_CALLBACK */
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* The test event phases */
+# define OSSL_SELF_TEST_PHASE_NONE "None"
+# define OSSL_SELF_TEST_PHASE_START "Start"
+# define OSSL_SELF_TEST_PHASE_CORRUPT "Corrupt"
+# define OSSL_SELF_TEST_PHASE_PASS "Pass"
+# define OSSL_SELF_TEST_PHASE_FAIL "Fail"
+
+/* Test event categories */
+# define OSSL_SELF_TEST_TYPE_NONE "None"
+# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
+# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
+# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test"
+# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
+# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
+# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
+# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
+# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
+# define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
+
+/* Test event sub categories */
+# define OSSL_SELF_TEST_DESC_NONE "None"
+# define OSSL_SELF_TEST_DESC_INTEGRITY_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
+# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_CIPHER_AES_GCM "AES_GCM"
+# define OSSL_SELF_TEST_DESC_CIPHER_TDES "TDES"
+# define OSSL_SELF_TEST_DESC_MD_SHA1 "SHA1"
+# define OSSL_SELF_TEST_DESC_MD_SHA2 "SHA2"
+# define OSSL_SELF_TEST_DESC_MD_SHA3 "SHA3"
+# define OSSL_SELF_TEST_DESC_SIGN_DSA "DSA"
+# define OSSL_SELF_TEST_DESC_SIGN_RSA "RSA"
+# define OSSL_SELF_TEST_DESC_SIGN_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_DRBG_CTR "CTR"
+# define OSSL_SELF_TEST_DESC_DRBG_HASH "HASH"
+# define OSSL_SELF_TEST_DESC_DRBG_HMAC "HMAC"
+# define OSSL_SELF_TEST_DESC_KA_ECDH "ECDH"
+# define OSSL_SELF_TEST_DESC_KA_ECDSA "ECDSA"
+# define OSSL_SELF_TEST_DESC_KDF_HKDF "HKDF"
+
+# ifdef __cplusplus
+}
+# endif
+
+void OSSL_SELF_TEST_set_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK *cb,
+ void *cbarg);
+void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK **cb,
+ void **cbarg);
+
+#endif /* OPENSSL_SELF_TEST_H */
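Review bot: The `extern "C"` block is closed before the two prototypes at the end of the file, so `OSSL_SELF_TEST_set_callback` and `OSSL_SELF_TEST_get_callback` get C++ linkage when a C++ translation unit includes this header and will likely fail to link. Move the closing `# ifdef __cplusplus` / `}` / `# endif` group to just above `#endif /* OPENSSL_SELF_TEST_H */`. Several sub-category strings are shared across categories (`"HMAC"` for INTEGRITY_HMAC and DRBG_HMAC; `"RSA"`, `"DSA"` and `"ECDSA"` for both PCT and SIGN). A comment above "Test event sub categories" should therefore say that a callback must match on type and description together, since one that picks the KAT to corrupt by description alone would affect more than one test. `OSSL_SELF_TEST_DESC_KA_ECDSA` sits in the key-agreement group although ECDSA is a signature scheme, which looks unintended.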